1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
13 uint16_t zsk_flag : 4;
16 uint16_t chacha_poly : 1;
23 uint8_t auth_iv_length;
25 uint16_t auth_iv_offset;
28 struct roc_se_ctx roc_se_ctx;
29 } __rte_cache_aligned;
31 static __rte_always_inline int
32 cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
34 uint16_t mac_len = auth->digest_length;
38 case RTE_CRYPTO_AUTH_MD5:
39 case RTE_CRYPTO_AUTH_MD5_HMAC:
40 ret = (mac_len == 16) ? 0 : -1;
42 case RTE_CRYPTO_AUTH_SHA1:
43 case RTE_CRYPTO_AUTH_SHA1_HMAC:
44 ret = (mac_len == 20) ? 0 : -1;
46 case RTE_CRYPTO_AUTH_SHA224:
47 case RTE_CRYPTO_AUTH_SHA224_HMAC:
48 ret = (mac_len == 28) ? 0 : -1;
50 case RTE_CRYPTO_AUTH_SHA256:
51 case RTE_CRYPTO_AUTH_SHA256_HMAC:
52 ret = (mac_len == 32) ? 0 : -1;
54 case RTE_CRYPTO_AUTH_SHA384:
55 case RTE_CRYPTO_AUTH_SHA384_HMAC:
56 ret = (mac_len == 48) ? 0 : -1;
58 case RTE_CRYPTO_AUTH_SHA512:
59 case RTE_CRYPTO_AUTH_SHA512_HMAC:
60 ret = (mac_len == 64) ? 0 : -1;
62 case RTE_CRYPTO_AUTH_NULL:
73 static __rte_always_inline int
74 fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
76 struct rte_crypto_cipher_xform *c_form;
77 roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
78 uint32_t cipher_key_len = 0;
79 uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;
81 c_form = &xform->cipher;
83 if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
84 sess->cpt_op |= ROC_SE_OP_CIPHER_ENCRYPT;
85 else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
86 sess->cpt_op |= ROC_SE_OP_CIPHER_DECRYPT;
87 if (xform->next != NULL &&
88 xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
89 /* Perform decryption followed by auth verify */
90 sess->roc_se_ctx.template_w4.s.opcode_minor =
91 ROC_SE_FC_MINOR_OP_HMAC_FIRST;
94 plt_dp_err("Unknown cipher operation\n");
98 switch (c_form->algo) {
99 case RTE_CRYPTO_CIPHER_AES_CBC:
100 enc_type = ROC_SE_AES_CBC;
103 case RTE_CRYPTO_CIPHER_3DES_CBC:
104 enc_type = ROC_SE_DES3_CBC;
107 case RTE_CRYPTO_CIPHER_DES_CBC:
108 /* DES is implemented using 3DES in hardware */
109 enc_type = ROC_SE_DES3_CBC;
112 case RTE_CRYPTO_CIPHER_AES_CTR:
113 enc_type = ROC_SE_AES_CTR;
117 case RTE_CRYPTO_CIPHER_NULL:
121 case RTE_CRYPTO_CIPHER_KASUMI_F8:
122 enc_type = ROC_SE_KASUMI_F8_ECB;
124 zsk_flag = ROC_SE_K_F8;
126 case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
127 enc_type = ROC_SE_SNOW3G_UEA2;
129 zsk_flag = ROC_SE_ZS_EA;
131 case RTE_CRYPTO_CIPHER_ZUC_EEA3:
132 enc_type = ROC_SE_ZUC_EEA3;
134 zsk_flag = ROC_SE_ZS_EA;
136 case RTE_CRYPTO_CIPHER_AES_XTS:
137 enc_type = ROC_SE_AES_XTS;
140 case RTE_CRYPTO_CIPHER_3DES_ECB:
141 enc_type = ROC_SE_DES3_ECB;
144 case RTE_CRYPTO_CIPHER_AES_ECB:
145 enc_type = ROC_SE_AES_ECB;
148 case RTE_CRYPTO_CIPHER_3DES_CTR:
149 case RTE_CRYPTO_CIPHER_AES_F8:
150 case RTE_CRYPTO_CIPHER_ARC4:
151 plt_dp_err("Crypto: Unsupported cipher algo %u", c_form->algo);
154 plt_dp_err("Crypto: Undefined cipher algo %u specified",
159 if (c_form->key.length < cipher_key_len) {
160 plt_dp_err("Invalid cipher params keylen %u",
165 sess->zsk_flag = zsk_flag;
167 sess->aes_ctr = aes_ctr;
168 sess->iv_offset = c_form->iv.offset;
169 sess->iv_length = c_form->iv.length;
170 sess->is_null = is_null;
172 if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
173 c_form->key.data, c_form->key.length,
180 static __rte_always_inline int
181 fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
183 struct rte_crypto_auth_xform *a_form;
184 roc_se_auth_type auth_type = 0; /* NULL Auth type */
185 uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
187 if (xform->next != NULL &&
188 xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
189 xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
190 /* Perform auth followed by encryption */
191 sess->roc_se_ctx.template_w4.s.opcode_minor =
192 ROC_SE_FC_MINOR_OP_HMAC_FIRST;
195 a_form = &xform->auth;
197 if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
198 sess->cpt_op |= ROC_SE_OP_AUTH_VERIFY;
199 else if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
200 sess->cpt_op |= ROC_SE_OP_AUTH_GENERATE;
202 plt_dp_err("Unknown auth operation");
206 switch (a_form->algo) {
207 case RTE_CRYPTO_AUTH_SHA1_HMAC:
209 case RTE_CRYPTO_AUTH_SHA1:
210 auth_type = ROC_SE_SHA1_TYPE;
212 case RTE_CRYPTO_AUTH_SHA256_HMAC:
213 case RTE_CRYPTO_AUTH_SHA256:
214 auth_type = ROC_SE_SHA2_SHA256;
216 case RTE_CRYPTO_AUTH_SHA512_HMAC:
217 case RTE_CRYPTO_AUTH_SHA512:
218 auth_type = ROC_SE_SHA2_SHA512;
220 case RTE_CRYPTO_AUTH_AES_GMAC:
221 auth_type = ROC_SE_GMAC_TYPE;
224 case RTE_CRYPTO_AUTH_SHA224_HMAC:
225 case RTE_CRYPTO_AUTH_SHA224:
226 auth_type = ROC_SE_SHA2_SHA224;
228 case RTE_CRYPTO_AUTH_SHA384_HMAC:
229 case RTE_CRYPTO_AUTH_SHA384:
230 auth_type = ROC_SE_SHA2_SHA384;
232 case RTE_CRYPTO_AUTH_MD5_HMAC:
233 case RTE_CRYPTO_AUTH_MD5:
234 auth_type = ROC_SE_MD5_TYPE;
236 case RTE_CRYPTO_AUTH_KASUMI_F9:
237 auth_type = ROC_SE_KASUMI_F9_ECB;
239 * Indicate that direction needs to be taken out
242 zsk_flag = ROC_SE_K_F9;
244 case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
245 auth_type = ROC_SE_SNOW3G_UIA2;
246 zsk_flag = ROC_SE_ZS_IA;
248 case RTE_CRYPTO_AUTH_ZUC_EIA3:
249 auth_type = ROC_SE_ZUC_EIA3;
250 zsk_flag = ROC_SE_ZS_IA;
252 case RTE_CRYPTO_AUTH_NULL:
256 case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
257 case RTE_CRYPTO_AUTH_AES_CMAC:
258 case RTE_CRYPTO_AUTH_AES_CBC_MAC:
259 plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo);
262 plt_dp_err("Crypto: Undefined Hash algo %u specified",
267 sess->zsk_flag = zsk_flag;
268 sess->aes_gcm = aes_gcm;
269 sess->mac_len = a_form->digest_length;
270 sess->is_null = is_null;
272 sess->auth_iv_offset = a_form->iv.offset;
273 sess->auth_iv_length = a_form->iv.length;
275 if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type,
276 a_form->key.data, a_form->key.length,
277 a_form->digest_length)))
283 static __rte_always_inline int
284 fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
286 struct rte_crypto_auth_xform *a_form;
287 roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
288 roc_se_auth_type auth_type = 0; /* NULL Auth type */
290 a_form = &xform->auth;
292 if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
293 sess->cpt_op |= ROC_SE_OP_ENCODE;
294 else if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
295 sess->cpt_op |= ROC_SE_OP_DECODE;
297 plt_dp_err("Unknown auth operation");
301 switch (a_form->algo) {
302 case RTE_CRYPTO_AUTH_AES_GMAC:
303 enc_type = ROC_SE_AES_GCM;
304 auth_type = ROC_SE_GMAC_TYPE;
307 plt_dp_err("Crypto: Undefined cipher algo %u specified",
315 sess->iv_offset = a_form->iv.offset;
316 sess->iv_length = a_form->iv.length;
317 sess->mac_len = a_form->digest_length;
319 if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
320 a_form->key.data, a_form->key.length,
324 if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0,
325 a_form->digest_length)))
331 #endif /*_CNXK_SE_H_ */